Data Exfiltrators Send Info Over PCs' Power Supply Cables (theregister.co.uk)
Date: 2018-04-12
From a report on The Register: If you want your computer to be really secure, disconnect its power cable. So says Mordechai Guri and his team of side-channel sleuths at the Ben-Gurion University of the Negev. The crew have penned a paper titled PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines that explains how attackers could install malware that regulates CPU utilisation and creates fluctuations in the current flow that could modulate and encode data. The variations would be "propagated through the power lines" to the outside world.
Depending on the attacker's approach, data could be exfiltrated at between 10 and 1,000 bits-per-second. The higher speed would work if attackers can get at the cable connected to the computer's power supply. The slower speed works if attackers can only access a building's electrical services panel. The PowerHammer malware spikes the CPU utilisation by choosing cores that aren't currently in use by user operations (to make it less noticeable). Guri and his pals use frequency shift keying to encode data onto the line.
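A defender-side illustration of the frequency-shift-keying signature described in the summary, added here as an example and not taken from the paper or the report: it scans a trace of current readings for windows dominated by a single narrow tone that hops between at least two frequencies. The 1 kHz sample rate, the 100 Hz and 200 Hz tones, the 0.1 s window (one symbol at 10 bits per second), the threshold and the sample data are all assumptions constructed for the demonstration.

```python
import math
import random

def goertzel_power(samples, rate, freq):
    """Power of `samples` at `freq` Hz (Goertzel single-bin DFT)."""
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / len(samples) ** 2

def dominant_tone(window, rate, freqs):
    """Return (frequency, peak-to-median power ratio) for one window."""
    mean = sum(window) / len(window)
    centred = [x - mean for x in window]  # drop the DC (steady load) component
    powers = sorted((goertzel_power(centred, rate, f), f) for f in freqs)
    peak, freq = powers[-1]
    median = powers[len(powers) // 2][0] or 1e-12
    return freq, peak / median

def looks_like_fsk(trace, rate, freqs, window, ratio=20.0):
    """Flag a trace whose windows are narrow-band AND hop between tones."""
    n_windows = len(trace) // window
    tones = []
    for i in range(n_windows):
        freq, r = dominant_tone(trace[i * window:(i + 1) * window], rate, freqs)
        if r >= ratio:
            tones.append(freq)
    return len(tones) >= 0.8 * n_windows and len(set(tones)) >= 2

# Assumed measurement setup (not from the paper): 1 kHz sampling, 0.1 s windows.
RATE, WINDOW = 1000, 100
FREQS = list(range(50, 500, 10))

def constructed_trace(bits, tones=(100, 200), seed=1):
    """Constructed sample: noisy readings carrying one tone per bit (None = no tone)."""
    rng = random.Random(seed)
    out = []
    for b in bits:
        for n in range(WINDOW):
            tone = 0.0 if b is None else math.sin(2 * math.pi * tones[b] * n / RATE)
            out.append(5.0 + tone + rng.gauss(0, 0.5))
    return out

if __name__ == "__main__":
    for name, bits in [("fsk", [1, 0, 1, 1, 0, 0, 1, 0, 1, 1]),
                       ("idle", [None] * 10), ("steady tone", [1] * 10)]:
        print(name, looks_like_fsk(constructed_trace(bits), RATE, FREQS, WINDOW))
```

The windows in the constructed trace are aligned with symbol boundaries; a real monitor would have to slide the window or overlap it, and a steady single tone (such as ordinary supply hum) is deliberately not flagged.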
good luck getting past the UPS (Score:3, Interesting)
Double-conversion UPS... the data stops there. There's your firewall.
May not be enough if they use spikes for that transmission. You would probably need to filter and shield far more carefully than an UPS does.
The whole thing is a worthless stunt anyways: Instead of breaking into the house and tapping the power-line, just open one more door and bug the computer itself.
Wouldn't help; they are varying the power the machine uses, and unless you have a power supply that can output a variable amount of power while keeping the power it draws from the wall constant (which would be either magical or horrendously inefficient at partial loads) there's no way to "filter" this sort of attack.
Apple will fix this with $100 DRMed power cables (Score:2)
Apple will fix this with $100 DRMed power cables.
Years ago Alienware had a $50+ upgraded power cable as an add-on.
Spoken like a true desktop security guru (Score:3)
Spoken like a true desktop security guru.
>> If you want your computer to be really secure, disconnect its power cable
...and run it on batteries.
Or a laptop (even plugged in).
Depends on the filters. They will try to transmit power-spikes and those can get through an inline-UPS as well to a degree. The whole thing is a worthless stunt anyways as you need to tap the power-line close by.
Virus scanner plugs this security hole. (Score:3, Funny)
On my work machine our overzealous virus scanner settings have closed this security hole... the CPU is constantly pegged at 100% ensuring that the power can't fluctuate at all.
It also eliminated the need for a furnace in the building.
Jesus Christ! (Score:1)
Hackers can get into your system no matter what!
I bet if we went back to abacuses, hackers would figure out how to decipher the clicks and know what you're doing.
"Damn! My abacus was hacked!"
"You moron! You should have used the anti-hacking felt on the beads. Geeze!"
And then a hacker would figure out how to hack the abacus by the felt dust that falls.
Exfiltrating data via user facial expressions. (Score:2)
The paper describes a method of adding jank to applications which will cause users to frown and furrow their eyebrows, which in turn can be monitored by a high-def camera furtively installed on their monitor to communicate between 100 and 1337 bits per minute to attackers.
Honestly, who approves this research? I mean, yes, it's possible, but if your computer is "air-gapped" and the attackers have the ability to breathe your air, you are already screwed.
Don't install malware
You insensitive clod! I run Windows.
What? (Score:2)
This is obvious. Not obvious in hindsight but obvious as a fundamental well known security problem. It has been protected against in the past (filtering power lines to reduce or eliminate signal transmission). And it is _really_ old news, this was known and protected against before I was born.
So, how this works (Score:2)
The attacker needs to gain access to the server's power cord, or maybe the building's power panel, then attach some dongle. Then they need to somehow gain access to an air-gapped machine on a secure network in what is likely a secured facility. Once they do that, they then gain access to the server and install malware that will send semaphores by upping CPU use.
While an interesting laboratory experiment, I'm not really all that concerned. I do predict it showing up in the next Mission: Impossible installment.
Basically, the attacker has to do all steps except the last one, namely to physically access the computer itself. Building access is already a must in most cases. Hence it will be cheaper, more reliable and far easier to just bug the computer itself.
This is an improvement (Score:2)
Another worthless stunt (Score:2)
No actual security expert is surprised this is possible. However, this is actually worthless in almost all circumstances. First, you have to be close enough that standard TEMPEST attacks should work a lot better. And second, this has a high risk of causing problems elsewhere and getting noticed. And third, the data-rate is laughable and unsuitable for most attacks.
10bps... (Score:2)
That's only 2000 hours to get 1MB of information...
So yeah... there might be faster, more efficient ways...
Sorry, 200... assuming no overhead/checksum additional data required to ensure efficient transmission
